Working with Entrust Digital Signing Certificates on Linux Ubuntu

Posted June 2, 2021 457 views
SecurityLet's EncryptUbuntu 20.04

The engineering licensing body where I am requires us to use that uses Entrust certificates and services. Notarius has apps for signing/certifying documents, like pdf, with apps running on Windows. For non-engineering applications I’ve been signing/certifying documents using MasterPDF, LibreOffice & other programs on Ubuntu 20.04 with Seahorse as a certificate manager. I’ve requested from Notarius customer support to have the certificates so I can work without their Windows software but they don’t seem to understand the question, insisting I need an epf file, a Microsoft security file. I’m a bit of a cybersecurity newby and I’m wondering exactly what files I should be asking for. For Entrust would it be a .pem, .pki or .crt file? There’s information on how to setup a root certificate for Entrust on Ubuntu but what else do I need? Thanks for any help in this regards.

Best Regards,


These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
2 answers


I am not rally familiar with, but in most cases a .pem certificate should be sufficient.

However if this does not work, my advise would be to ask your case to be escalated with as they are the provider of the service and they should be able to confirm this.

Hello Christian,

An EPF file is what I would call an Entrust formatted security file which holds certificates, private keys and other security data. Some times it’s referred to as an Entrust Profile. Most standard applications do not know how to use an EPF file.

I’ll assume that there is a certificate associated with your name that was created/managed by using Entrust. You would need to get a copy of this certificate; which appears to be what you are trying to do. If they are insisting that you need an EPF file, does that mean they are willing to provide you with that EPF file?

What you likely need is an PKCS12 formatted certificate (often held in a file with extension .p12 or .pfx). If you have a .pem file that is associated with your certificate, then that might work, but that depends on what is in the PEM file (a file in PEM format can contain lots of different things). If they have the EPF file for your certificate, then they should be able to export your certificate out of the EPF file and into a PKCS12 file. If they can’t do that, but they are able to give you the EPF file, then you should be able to do that export yourself. There is an Entrust application (Windows based) for performing such an export.

If you get access to the EPF file but are stuck trying to find a way to export the certificates using your Ubuntu GNU/Linux system, then let me know as I have ideas for that also.